对费斯特尔变种的新量子攻击

IF 2.2 3区物理与天体物理 Q1 PHYSICS, MATHEMATICAL

Quantum Information Processing Pub Date : 2025-07-21 DOI:10.1007/s11128-025-04852-0

Qiufu Lan, Jian Zou, Jichen Wei

{"title":"对费斯特尔变种的新量子攻击","authors":"Qiufu Lan, Jian Zou, Jichen Wei","doi":"10.1007/s11128-025-04852-0","DOIUrl":null,"url":null,"abstract":"<div>Simon’s algorithm is a period-finding algorithm that can provide an exponential speedup compared to the classical algorithm. It has already been widely used in the quantum cryptanalysis of some cryptographic primitives. This paper investigates the applications of Simon’s algorithm in the security analysis of several Feistel variants: MARS-F, Skipjack-B-F, 4F-function, and 2F-function schemes. Firstly, we give a 2d-round quantum distinguisher for d-branch MARS-F. Secondly, a \\((d^2 - 1)\\)-round quantum distinguisher is built for d-branch Skipjack-B-F. Thirdly, we construct a 10-round and a 6-round quantum distinguisher for 4F-function and 2F-function, respectively. Based on these quantum distinguishers, we can build some quantum key-recovery attacks on these Feistel variants. We denote n as the bit length of a branch. In the first place, for 3d-round MARS-F with d branches, a key-recovery attack is constructed with the time complexity of \\(O\\left( n2^{dn/2}\\right) \\). In the second place, for \\((d^2 + d - 1)\\)-round Skipjack-B-F with d branches, we present a key-recovery attack with the time complexity of \\(O\\left( n2^{dn/2}\\right) \\). At last, the key can be recovered with the time complexities of \\(O\\left( n2^{5n}\\right) \\) and \\(O\\left( n2^{3n/2}\\right) \\) for 14-round 4F-function and 8-round 2F-function, respectively.</div>","PeriodicalId":746,"journal":{"name":"Quantum Information Processing","volume":"24 8","pages":""},"PeriodicalIF":2.2000,"publicationDate":"2025-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"New quantum attacks on some Feistel variants\",\"authors\":\"Qiufu Lan, Jian Zou, Jichen Wei\",\"doi\":\"10.1007/s11128-025-04852-0\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div>Simon’s algorithm is a period-finding algorithm that can provide an exponential speedup compared to the classical algorithm. It has already been widely used in the quantum cryptanalysis of some cryptographic primitives. This paper investigates the applications of Simon’s algorithm in the security analysis of several Feistel variants: MARS-F, Skipjack-B-F, 4F-function, and 2F-function schemes. Firstly, we give a 2d-round quantum distinguisher for d-branch MARS-F. Secondly, a \\\\((d^2 - 1)\\\\)-round quantum distinguisher is built for d-branch Skipjack-B-F. Thirdly, we construct a 10-round and a 6-round quantum distinguisher for 4F-function and 2F-function, respectively. Based on these quantum distinguishers, we can build some quantum key-recovery attacks on these Feistel variants. We denote n as the bit length of a branch. In the first place, for 3d-round MARS-F with d branches, a key-recovery attack is constructed with the time complexity of \\\\(O\\\\left( n2^{dn/2}\\\\right) \\\\). In the second place, for \\\\((d^2 + d - 1)\\\\)-round Skipjack-B-F with d branches, we present a key-recovery attack with the time complexity of \\\\(O\\\\left( n2^{dn/2}\\\\right) \\\\). At last, the key can be recovered with the time complexities of \\\\(O\\\\left( n2^{5n}\\\\right) \\\\) and \\\\(O\\\\left( n2^{3n/2}\\\\right) \\\\) for 14-round 4F-function and 8-round 2F-function, respectively.</div>\",\"PeriodicalId\":746,\"journal\":{\"name\":\"Quantum Information Processing\",\"volume\":\"24 8\",\"pages\":\"\"},\"PeriodicalIF\":2.2000,\"publicationDate\":\"2025-07-21\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Quantum Information Processing\",\"FirstCategoryId\":\"101\",\"ListUrlMain\":\"https://link.springer.com/article/10.1007/s11128-025-04852-0\",\"RegionNum\":3,\"RegionCategory\":\"物理与天体物理\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"PHYSICS, MATHEMATICAL\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Quantum Information Processing","FirstCategoryId":"101","ListUrlMain":"https://link.springer.com/article/10.1007/s11128-025-04852-0","RegionNum":3,"RegionCategory":"物理与天体物理","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"PHYSICS, MATHEMATICAL","Score":null,"Total":0}

引用次数: 0

摘要

西蒙算法是一种周期查找算法，与经典算法相比，它可以提供指数级的加速。它已广泛应用于一些密码原语的量子密码分析中。本文研究了Simon算法在几种Feistel变体：MARS-F、Skipjack-B-F、4f -函数和2f -函数方案的安全性分析中的应用。首先，我们给出了d分支MARS-F的第2轮量子区分符。其次，建立了d分支Skipjack-B-F的\((d^2 - 1)\) -round量子区分器。第三，我们分别为4f函数和2f函数构造了一个10轮和6轮的量子区分符。基于这些量子区分符，我们可以构建一些针对Feistel变体的量子密钥恢复攻击。我们把n表示为分支的位长度。首先，针对具有d个分支的第3轮MARS-F，构建了一个时间复杂度为\(O\left( n2^{dn/2}\right) \)的密钥恢复攻击。其次，对于具有d个分支的\((d^2 + d - 1)\) -round skipjackb - f，我们提出了一种时间复杂度为\(O\left( n2^{dn/2}\right) \)的密钥恢复攻击。最后，对于14轮4f函数和8轮2f函数，分别以\(O\left( n2^{5n}\right) \)和\(O\left( n2^{3n/2}\right) \)的时间复杂度恢复密钥。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

New quantum attacks on some Feistel variants

查看原文本刊更多论文

New quantum attacks on some Feistel variants

Simon’s algorithm is a period-finding algorithm that can provide an exponential speedup compared to the classical algorithm. It has already been widely used in the quantum cryptanalysis of some cryptographic primitives. This paper investigates the applications of Simon’s algorithm in the security analysis of several Feistel variants: MARS-F, Skipjack-B-F, 4F-function, and 2F-function schemes. Firstly, we give a 2d-round quantum distinguisher for d-branch MARS-F. Secondly, a \((d^2 - 1)\)-round quantum distinguisher is built for d-branch Skipjack-B-F. Thirdly, we construct a 10-round and a 6-round quantum distinguisher for 4F-function and 2F-function, respectively. Based on these quantum distinguishers, we can build some quantum key-recovery attacks on these Feistel variants. We denote n as the bit length of a branch. In the first place, for 3d-round MARS-F with d branches, a key-recovery attack is constructed with the time complexity of \(O\left( n2^{dn/2}\right) \). In the second place, for \((d^2 + d - 1)\)-round Skipjack-B-F with d branches, we present a key-recovery attack with the time complexity of \(O\left( n2^{dn/2}\right) \). At last, the key can be recovered with the time complexities of \(O\left( n2^{5n}\right) \) and \(O\left( n2^{3n/2}\right) \) for 14-round 4F-function and 8-round 2F-function, respectively.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Quantum Information Processing 物理-物理：数学物理

CiteScore

4.10

自引率

20.00%

发文量

337

审稿时长

4.5 months

期刊介绍： Quantum Information Processing is a high-impact, international journal publishing cutting-edge experimental and theoretical research in all areas of Quantum Information Science. Topics of interest include quantum cryptography and communications, entanglement and discord, quantum algorithms, quantum error correction and fault tolerance, quantum computer science, quantum imaging and sensing, and experimental platforms for quantum information. Quantum Information Processing supports and inspires research by providing a comprehensive peer review process, and broadcasting high quality results in a range of formats. These include original papers, letters, broadly focused perspectives, comprehensive review articles, book reviews, and special topical issues. The journal is particularly interested in papers detailing and demonstrating quantum information protocols for cryptography, communications, computation, and sensing.